On Tue, Sep 10, 2013 at 3:30 PM, Robert J. Hansen <r...@sixdemonbag.org>wrote:
> > Assuming it takes effort a to break cipher A and effort b to break > > cipher b, this should result in effort at least max(a, b) needed to > > break A+B. > > Basically, though, it's "this is a naive and unfounded assumption." > Why? Assuming the Keys are not related (e.g. by creating random keys and then encrypting them both with RSA) this is safer, assuming the attacker can crack one of the two symmetric ciphers but not RSA. If you use the same/related Keys for both encryptions and/or the ciphers don't interact somehow (like when using ROT-13 two times) it is indeed less secure!
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users